1
Shibboleth Architecture
Technical Information Session for Developers
Datta Mahabalagiri
April
2
Identity Provider (IdP)
The "server" side of Shibboleth
HS: SSO/Authentication
AA: Attributes
One instance per campus
3
Service Provider (SP)
The "consumer" side of Shibboleth
Apache module or IIS ISAPI filter plus daemon
Handles all interactions with IdP
ACS
AR
Attributes in HTTP header
Provided by Internet2
4
Federation
[Diagram: Federation, WAYF]
6
Architecture
[Diagram, © SWITCH: numbered flow (steps 1 to 10). Labels: WAYF; Identity Provider (SSO (ISIS), HS, AA); Service Provider (ACS, AR); User DB; Attribute Repository; Application / Resource; Credentials; Handle; Attributes.]
7
Identity Provider at UCLA
[Diagram: the same numbered flow (steps 1 to 10) between the WAYF, the Identity Provider at UCLA and the Service Provider, annotated with what each component says. Labels: User DB, Credentials, Handle, Attributes, Resource.]
ACS: "I don't know you. Not even which home org you are from. Redirect your request to the WAYF."
WAYF: "Please tell me where you are from."
WAYF: "OK, I redirect your request now to the Handle Service of UCLA."
HS: "I don't know you. Please authenticate using ISIS."
HS: "OK, I know you now. Redirect your request to the SP, together with a handle."
AR: "I don't know the attributes of this user. Let's ask the Attribute Authority."
AA: "Let's pass over the attributes the user has allowed me to release."
Resource Manager: "OK, based on the attributes, I grant access to the resource."
8
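Access Control
Read HTTP header

    String eppn = (String) request.getAttribute("eduPersonPrincipalName");
    String affiliation = (String) request.getAttribute("Affiliation");
    // Compare string contents with equals(), not ==
    if ("student".equals(affiliation)) {
        // allow Read access
    } else if ("faculty".equals(affiliation)) {
        // allow Edit access
    }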
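The access decision from this slide as a stand-alone class, added here as an example (not code from the presentation or from Shibboleth). It goes beyond the slide by denying by default and by accepting several affiliation values in one string; the class and method names, the ';' separator between values and the sample inputs are assumptions.

```java
import java.util.Arrays;
import java.util.Locale;

public class AffiliationAccess {
    // Ordered from least to most privileged so the highest level can be picked.
    enum Access { NONE, READ, EDIT }

    // Map one affiliation value to the access level named on the slide.
    static Access levelFor(String value) {
        switch (value.trim().toLowerCase(Locale.ROOT)) {
            case "faculty": return Access.EDIT;
            case "student": return Access.READ;
            default:        return Access.NONE; // unknown affiliation: deny
        }
    }

    // eppn and affiliation are the strings the application would obtain from
    // request.getAttribute("eduPersonPrincipalName") and
    // request.getAttribute("Affiliation"); either may be null.
    // They are trustworthy only when the SP module set them, so the
    // application must not be reachable other than through the SP.
    static Access decide(String eppn, String affiliation) {
        if (eppn == null || eppn.trim().isEmpty() || affiliation == null) {
            return Access.NONE; // no principal or no attribute released
        }
        // Assumption: multiple values arrive joined with ';'.
        return Arrays.stream(affiliation.split(";"))
                .map(AffiliationAccess::levelFor)
                .max(Access::compareTo)
                .orElse(Access.NONE);
    }

    public static void main(String[] args) {
        // Constructed sample inputs, not taken from a real deployment.
        String[][] samples = {
            {"jbruin@ucla.edu", "student"},
            {"jbruin@ucla.edu", "student;faculty"},
            {"jbruin@ucla.edu", "alum"},
            {"jbruin@ucla.edu", null},
            {null, "faculty"},
        };
        for (String[] s : samples) {
            System.out.println(s[0] + " / " + s[1] + " -> " + decide(s[0], s[1]));
        }
    }
}
```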
9
Bilateral vs Federated
Establish trust & exchange metadata with IdP directly
Likely a simpler deployment model for UCLA-only applications
User base limited to UCLA
Can always move to a federated deployment mode
10
Bilateral vs Federated
Register with a 3rd party hosting a Federation
Interoperability & trust
Common standards, comply with federation requirements
Security and audit requirements
Coordinated helpdesk support
Expanded user base
When to choose Federated deployment?